Cannot connect to Collabora server

Nextcloud version: 18.0.2
Operating system and version: Debian 10.3

The issue you are facing:
I can't get Collabora to work with Nextcloud. I have my Let's Encrypt, nginx, Nextcloud, and Collabora images all set up with docker-compose.

Steps to replicate it:

  1. Setup Collabora server with docker-compose
  2. Add its URL to the Collabora Online settings URL field

The output of your Nextcloud log in Admin > Logging:

[richdocuments] Error: GuzzleHttp\Exception\ConnectException: cURL error 6: Could not resolve host: collabora (see http://curl.haxx.se/libcurl/c/libcurl-errors.html) at <<closure>>

 0. /config/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php line 149
    GuzzleHttp\Handler\CurlFactory::createRejection(GuzzleHttp\Handl ... l}, {errno: 6,error: ... 8})
 1. /config/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php line 102
    GuzzleHttp\Handler\CurlFactory::finishError(GuzzleHttp\Handler\CurlHandler {}, GuzzleHttp\Handl ... l}, GuzzleHttp\Handler\CurlFactory {})
 2. /config/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlHandler.php line 43
    GuzzleHttp\Handler\CurlFactory::finish(GuzzleHttp\Handler\CurlHandler {}, GuzzleHttp\Handl ... l}, GuzzleHttp\Handler\CurlFactory {})
 3. /config/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/Proxy.php line 28
    GuzzleHttp\Handler\CurlHandler->__invoke("*** sensitive parameter replaced ***", "*** sensitive parameter replaced ***")
 4. /config/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/Proxy.php line 51
    GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler\{closure}("*** sensitive parameters replaced ***")
 5. /config/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php line 37
    GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler\{closure}("*** sensitive parameters replaced ***")
 6. /config/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 30
    GuzzleHttp\PrepareBodyMiddleware->__invoke("*** sensitive parameter replaced ***", "*** sensitive parameter replaced ***")
 7. /config/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php line 70
    GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensitive parameters replaced ***")
 8. /config/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 60
    GuzzleHttp\RedirectMiddleware->__invoke("*** sensitive parameter replaced ***", "*** sensitive parameter replaced ***")
 9. /config/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/HandlerStack.php line 67
    GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensitive parameters replaced ***")
10. /config/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php line 277
    GuzzleHttp\HandlerStack->__invoke("*** sensitive parameter replaced ***", "*** sensitive parameter replaced ***")
11. /config/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php line 125
    GuzzleHttp\Client->transfer("*** sensitive parameter replaced ***", "*** sensitive parameter replaced ***")
12. /config/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php line 131
    GuzzleHttp\Client->requestAsync("get", GuzzleHttp\Psr7\Uri {}, {verify: "/data/ ... }})
13. /config/www/nextcloud/lib/private/Http/Client/Client.php line 149
    GuzzleHttp\Client->request("get", "collabora:9980/hosting/discovery", {proxy: null,ver ... e})
14. /config/www/nextcloud/apps/richdocuments/lib/WOPI/DiscoveryManager.php line 106
    OC\Http\Client\Client->get("collabora:9980/hosting/discovery", {timeout: 5})
15. /config/www/nextcloud/apps/richdocuments/lib/WOPI/DiscoveryManager.php line 78
    OCA\Richdocuments\WOPI\DiscoveryManager->fetchFromRemote()
16. /config/www/nextcloud/apps/richdocuments/lib/WOPI/Parser.php line 41
    OCA\Richdocuments\WOPI\DiscoveryManager->get()
17. /config/www/nextcloud/apps/richdocuments/lib/TokenManager.php line 196
    OCA\Richdocuments\WOPI\Parser->getUrlSrc("application/vnd.oasis.opendocument.text")
18. /config/www/nextcloud/apps/richdocuments/lib/Controller/DocumentController.php line 236
    OCA\Richdocuments\TokenManager->getToken("*** sensitive parameters replaced ***")
19. /config/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 170
    OCA\Richdocuments\Controller\DocumentController->index("*** sensitive parameter replaced ***")
20. /config/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 99
    OC\AppFramework\Http\Dispatcher->executeController(OCA\Richdocument ... {}, "index")
21. /config/www/nextcloud/lib/private/AppFramework/App.php line 125
    OC\AppFramework\Http\Dispatcher->dispatch(OCA\Richdocument ... {}, "index")
22. /config/www/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php line 47
    OC\AppFramework\App::main("OCA\\Richdocume ... r", "index", OC\AppFramework\ ... {}, {_route: "richdocuments.document.index"})
23. <<closure>>
    OC\AppFramework\Routing\RouteActionHandler->__invoke({_route: "richdocuments.document.index"})
24. /config/www/nextcloud/lib/private/Route/Router.php line 299
    call_user_func(OC\AppFramework\ ... {}, {_route: "richdocuments.document.index"})
25. /config/www/nextcloud/lib/base.php line 1008
    OC\Route\Router->match("/apps/richdocuments/index")
26. /config/www/nextcloud/index.php line 38
    OC::handleRequest()

GET /apps/richdocuments/index?fileId=6131&requesttoken=Mdot1veJNNUIPkBJjmpRcWBDzCiI5V27rkYBN0%2FRgRM%3D%3ACJx%2B49jdQOdsTiV8xFghCFJsv2W9oRnWlyppGCuhzHc%3D
from 172.18.0.8 by cassidy at 2020-03-19T19:05:36+00:00

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'trusted_proxies' =>
  array (
    0 => 'letsencrypt',
  ),
  'overwrite.cli.url' => 'https://cloud.mydomain.com/',
  'overwritehost' => 'cloud.mydomain.com',
  'overwriteprotocol' => 'https',
  'trusted_domains' =>
  array (
    0 => 'cloud.mydomain.com',
  ),
  'instanceid' => 'ocgiijrqfwz6',
  'passwordsalt' => 'NXw7h7IPFgy2GGFSm7gE2wE3KNh3S7',
  'secret' => 'EzZ/ttfZAEezIh3A5M7KNAnIWBC4bZBsLjj/I0VfqoP8ERPh',
  'dbtype' => 'mysql',
  'version' => '18.0.2.2',
  'dbname' => 'nextcloud',
  'dbhost' => 'mariadb:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => 'nextcloud',
  'mysql.utf8mb4' => true,
  'installed' => true,
  'mail_from_address' => 'mail',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'pipe',
  'mail_domain' => 'mydomain.com',
  'twofactor_enforced' => 'false',
  'twofactor_enforced_groups' =>
  array (
    0 => 'admin',
  ),
  'twofactor_enforced_excluded_groups' =>
  array (
  ),
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'mail_smtpport' => '587',
  'mail_smtphost' => 'postfix',
);

Also, going to office.domain.com just gives me the default nginx "Welcome to our server" message. I'm not sure if it's supposed to do that or not.

what's the name of your collabora container?

It's just collabora

could have a lot of reasons.

it depends on your docker-compose file, the collabora app settings and the web server/proxy settings.

e.g. when you have a separate domain office.domain.com why the error messages cURL error 6: Could not resolve host: collabora appears?

This is my docker-compose.yml:

  nextcloud:
    image: linuxserver/nextcloud
    container_name: nextcloud
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=Country/City
    volumes:
      - /opt/docker/config/nextcloud:/config
      - /opt/docker/data/nextcloud:/data
    restart: unless-stopped
  mariadb:
    image: linuxserver/mariadb
    container_name: mariadb
    environment:
      - PUID=1001
      - PGID=1001
      - MYSQL_ROOT_PASSWORD=super_secret_password
      - MYSQL_PASSWORD=nextcloud
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - TZ=Country/City
    volumes:
      - /opt/docker/config/mariadb:/config
    ports:
      - 3306:3306
    restart: unless-stopped
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=Country/City
      - URL=mydomain.com
      - SUBDOMAINS=wildcard
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
    volumes:
      - /opt/docker/config/letsencrypt:/config
    ports:
      - 443:443
      - 80:80
    restart: unless-stopped
  collabora:
    image: collabora/code
    container_name: collabora
    hostname: office.mydomain.com
    ports:
      - 9980:9980
    cap_add:
      - MKNOD
    environment:
      - domain=<cloud.mydomain.com>
      - VIRTUAL_HOST=<office.mydomain.com>
      - VIRTUAL_PORT=9980
      - VIRTUAL_PROTO=https
      - LETSENCRYPT_HOST=<office.mydomain.com>
      - LETSENCRYPT_EMAIL=<poperigby@tuta.io>
    restart: unless-stopped

Collabora app settings:

nginx settings for Collabora subdomain:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name office.*;

    include /config/nginx/ssl.conf;

    # static files
    location ^~ /loleaflet {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app collabora;
        set $upstream_port 9980;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app collabora;
        set $upstream_port 9980;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app collabora;
        set $upstream_port 9980;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app collabora;
        set $upstream_port 9980;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app collabora;
        set $upstream_port 9980;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app collabora;
        set $upstream_port 9980;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}

e.g. when you have a separate domain office.domain.com why the error messages cURL error 6: Could not resolve host: collabora appears?

I'm not really sure

collabora domain?

nextcloud domain?

but you use the nextcloud nginx proxy in front of collabora?

if you run nc and collabora on the same server - imho - you don't need https between the nginx container and the collabora container. since the docker internal network is used.

and i think you put http here but configure the collabora container to use https.

so your nginx reverse proxy is correct. you have to configure the collabora container to use http, dump the office domain stuff and put https://cloud.mydomain.com/ in the app config "URL of collabora online-server" field.

How would I do that?

i thought you can do this with this environment. but this environment only controls the nginx/letsencrypt container. right?

then i think just try to put https://cloud.mydomain.com in the nextcloud app.
or https://office.mydomain.com. it should be the url of the nginx proxy in front of collabora.

what is your aim to use different domains here?

Changing that to http gives the same timeout error

Doing that just makes it get stuck at "saving" when I click apply

Same error from before when doing that.

That URL should be just https://mydomain.com per this part of my docker-compose.yml:

letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=Country/City
      - URL=mydomain.com
      - SUBDOMAINS=wildcard
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
    volumes:
      - /opt/docker/config/letsencrypt:/config
    ports:
      - 443:443
      - 80:80 
    restart: unless-stopped

but setting it to that also gives the same error.

I was following this post.

according to the nginx.conf it's office.* (don't know if you put * to hide your domain.)

did you try to put "everywhere" office.mydomain.com? also here in the collabora container section:

in my playbook i setup collabora/nextcloud to run behind a traefik reverse proxy to handle letsencrypt certs and ingress routing.

the domain variable in the collabora container environment is the nextcloud public fqdn.

please note that the domainname must be <your-dot-escaped-domain> i don't know if this applies also to docker compose files. you may try.

the app setting is also the nextcloud fqdn.

so if you set up your own fqdn for collabora these two settings have to be consistent.

the nginx web server in front of nextcloud is configured to redirect the incoming traffic to the collabora container. but is listening only to port 80. the traefik container handles https. but the proxy_pass settings should be equal to yours.

p.s. found it.

I didn't. It already had office.* by default.

I thought domain was supposed to be my Nextcloud URL?

I actually did set up a CNAME for office.mydomain.com on Cloudflare, but I'm getting kind of confused. Am I supposed to enter the Nextcloud FQDN, or the Collabora FQDN in the Nextcloud settings?

I'll change that and see if it does anything.

So should I be setting proxy_pass https://collabora_online: to a different port in my nginx config?

That test doesn't seem to work unfortunately.

P.S. Thank you for helping me :slightly_smiling_face:

no. collabora_online is the name of the collabora container in my setup.
yours is collabora. i only wanted to show you that you have to use in both places the same address.

in your case the collabora fqdn. since you have an nginx server sending all request for office.* to https://collabora:9980.

Setting the URL in the Nextcloud settings to office.mydomain.com didn't work.

Hi

I'm not sure I can totally contribute as you've gone the complete docker route. I only have collabora setup within docker (although heck I'd love to do more actually).

Where is your nginx reverse proxy? It looks by the way you are referencing things it's in the docker network, however I didn't see any nginx container mentioned in your configuration.yml file. Is nginx part of the nextcloud container?

To best test your system initially it's probably easiest to eliminate the SSL stuff and go without certs. I know when I was setting up my stuff adding certs into a running setup caused a few errors which I was eventually able to solve. I'm glad however I took a stepwise approach in implementing these things.

In terms of your docker-compose collabora stuff, mine looks like this:

version: '3.3'

networks:
  net:
   driver: bridge

services:

  collabora:
    restart: always
    image: collabora/code:latest
    container_name: collabora
    networks:
      - net
    ports:
#      - 127.0.0.1:9980:9980
      - 9980:9980
    cap_add:
      - MKNOD
    environment:
      - TZ=America/Chicago
      - username=admin
      - password=dockercol
      - domain=nextcloud\\.example\\.com
#      - cert_domain=office.example.com
      - DONT_GEN_SSL_CERT="True"
      - server_name=office.example.com
#      - extra_params=--o:ssl.enable=false --o:ssl.termination=true
      - extra_params="--o:ssl.enable=true"
    volumes:
      - /etc/letsencrypt/office.example.com/privkey.pem:/etc/loolwsd/key.pem
      - /etc/letsencrypt/office.example.com/cert.pem:/etc/loolwsd/cert.pem
#      - /etc/ssl/certs/ca-certificates.crt:/etc/loolwsd/ca-chain.cert.pem
      - /etc/letsencrypt/office.example.com/chain.pem:/etc/loolwsd/ca-chain.cert.pem

The server name should be the name of the collabora server.
The domain name is the nextcloud FQDN and note the double \. Those need to be in there.
My setup is an nginx reverse proxy that terminates for the nextcloud.example.com connection but then re-encrypts to the upstream collabora VM/Docker container. If you don't need this re-encryption to the upstream collabora server then go with the option:

  • extra_params=--o:ssl.enable=false --o:ssl.termination=true and not - extra_params="--o:ssl.enable=true". The mounted volumes are only needed for re-encryption to the upstream collabora server using Let's Encrypt certificates, so no need for these volumes if not re-encrypting to the backend.

If your nextcloud and collabora are part of the same docker network, I believe the nextcloud setting should be http://collabora:9980 (or if you have SSL enabled upstream) it would be https://collabora:9980 (this might give you a certificate error however since your certificate is going to resolve to office.mydomain.com - I'm not sure the workaround for this however I think office.mydomain.com would need to be added to the internal DNS server of the docker network (internal DNS server located at 127.0.0.11) or you would add your local DNS resolver for hostname lookup - google how to do that)

You should be able within a web browser to connect to the collabora server correctly at https://office.mydomain.com (or http depending on setup). You should see within browser just an OK returned. This cuts the reverse proxy out of the loop.

better try: https://office.mydomain.com/loleaflet/dist/admin/admin.html or https://office.mydomain.com/hosting/discovery
because only these urls are configured in the nginx config for collabora.

My nginx reverse proxy is part of the letsencrypt image. I'm using the linuxserver.io one:
https://hub.docker.com/r/linuxserver/letsencrypt

I'm a bit confused what I need this part for.

Setting that gives me the Failed to load Collabora Online - please try again later error when I try to run a test document. Using http does the same thing. No certificate errors.

Going to that gives me this message:
...so I guess that's good.


Out of curiosity, I checked the log for the Collabora container and it had this error:

SAXParseException: Tag mismatch in '/etc/loolwsd/loolwsd.xml', line 120 column 102

...not sure if that's helpful
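
An added example, not part of the thread and not Collabora's or Nextcloud's code: a check of the host pattern that the `domain=` setting contributes to loolwsd.xml, which relates to the "Tag mismatch" log line above. It assumes the container writes the value verbatim into a `<host>` allow-list element and matches it as a full regular expression against the Nextcloud host; `HOST_TEMPLATE` and `lint_collabora_domain` are hypothetical names, the XML line is constructed, and compose-level backslash escaping is not modelled.

```python
import re
import xml.etree.ElementTree as ET

# Constructed stand-in for the WOPI allow-list entry in loolwsd.xml.
# The real file is not shown in the thread; this layout is an assumption.
HOST_TEMPLATE = '<wopi><host desc="allowed WOPI host" allow="true">{value}</host></wopi>'


def lint_collabora_domain(value, nextcloud_fqdn):
    """Return a list of problems with the pattern that ends up in loolwsd.xml."""
    problems = []

    # 1. Does the XML stay well-formed once the value is pasted in verbatim?
    #    Leftover template brackets such as <host.name> open a new tag here.
    try:
        ET.fromstring(HOST_TEMPLATE.format(value=value))
    except ET.ParseError as exc:
        problems.append(f"breaks XML when substituted: {exc}")

    # 2. Is it a valid regex that matches the Nextcloud host in full?
    try:
        pattern = re.compile(value)
    except re.error as exc:
        problems.append(f"not a valid regex: {exc}")
        return problems
    matches = pattern.fullmatch(nextcloud_fqdn) is not None
    if not matches:
        problems.append(f"does not match {nextcloud_fqdn}")

    # 3. Unescaped dots match any character, so the allow-list also admits
    #    look-alike hosts. Probe with the dots swapped for a letter.
    lookalike = nextcloud_fqdn.replace(".", "x")
    if matches and pattern.fullmatch(lookalike):
        problems.append(f"unescaped dots: also matches {lookalike}")
    return problems


if __name__ == "__main__":
    # Constructed sample values modelled on the settings quoted in the thread.
    for candidate in (r"cloud\.mydomain\.com", "<cloud.mydomain.com>", "cloud.mydomain.com"):
        print(candidate, "->", lint_collabora_domain(candidate, "cloud.mydomain.com") or "ok")
```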

Going to both of those URLs gives me a 504

HTTP 504 Gateway Timeout
your collabora Container is not reachable from the nginx container.

do you know how to run a shell in your container and try curl from inside the nginx container?

@PopeRigby

Can you describe your setup to me? What's in docker containers and what is not.
Your domain names involved, etc. This thread is getting pretty long and I don't have a great picture of your setup.